| 1 |
commit: cb12d2245f1dbc1579209a8c60903d3163a72419 |
| 2 |
Author: Mikle Kolyada <zlogene <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Fri May 3 13:13:02 2019 +0000 |
| 4 |
Commit: Mikle Kolyada <zlogene <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Fri May 3 13:13:02 2019 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cb12d224 |
| 7 |
|
| 8 |
net-misc/dhcpcd: Security cleanup |
| 9 |
|
| 10 |
Bug: https://bugs.gentoo.org/684430 |
| 11 |
Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org> |
| 12 |
Package-Manager: Portage-2.3.62, Repoman-2.3.11 |
| 13 |
|
| 14 |
net-misc/dhcpcd/dhcpcd-7.1.1-r1.ebuild | 152 --------------------------------- |
| 15 |
1 file changed, 152 deletions(-) |
| 16 |
|
| 17 |
diff --git a/net-misc/dhcpcd/dhcpcd-7.1.1-r1.ebuild b/net-misc/dhcpcd/dhcpcd-7.1.1-r1.ebuild |
| 18 |
deleted file mode 100644 |
| 19 |
index 9c02a7a0ea5..00000000000 |
| 20 |
--- a/net-misc/dhcpcd/dhcpcd-7.1.1-r1.ebuild |
| 21 |
+++ /dev/null |
| 22 |
@@ -1,152 +0,0 @@ |
| 23 |
-# Copyright 1999-2019 Gentoo Authors |
| 24 |
-# Distributed under the terms of the GNU General Public License v2 |
| 25 |
- |
| 26 |
-EAPI=6 |
| 27 |
- |
| 28 |
-inherit systemd toolchain-funcs |
| 29 |
- |
| 30 |
-if [[ ${PV} == "9999" ]]; then |
| 31 |
- inherit git-r3 |
| 32 |
- EGIT_REPO_URI="https://roy.marples.name/git/dhcpcd.git" |
| 33 |
-else |
| 34 |
- MY_P="${P/_alpha/-alpha}" |
| 35 |
- MY_P="${MY_P/_beta/-beta}" |
| 36 |
- MY_P="${MY_P/_rc/-rc}" |
| 37 |
- SRC_URI="https://roy.marples.name/downloads/${PN}/${MY_P}.tar.xz" |
| 38 |
- KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux" |
| 39 |
- S="${WORKDIR}/${MY_P}" |
| 40 |
-fi |
| 41 |
- |
| 42 |
-DESCRIPTION="A fully featured, yet light weight RFC2131 compliant DHCP client" |
| 43 |
-HOMEPAGE="https://roy.marples.name/projects/dhcpcd" |
| 44 |
-LICENSE="BSD-2" |
| 45 |
-SLOT="0" |
| 46 |
-IUSE="elibc_glibc +embedded ipv6 kernel_linux +udev" |
| 47 |
- |
| 48 |
-COMMON_DEPEND="udev? ( virtual/udev )" |
| 49 |
-DEPEND="${COMMON_DEPEND}" |
| 50 |
-RDEPEND="${COMMON_DEPEND}" |
| 51 |
- |
| 52 |
-PATCHES=( |
| 53 |
- "${FILESDIR}"/${P}-disable_inet6_fix.patch #677508 |
| 54 |
-) |
| 55 |
- |
| 56 |
-src_configure() { |
| 57 |
- local dev hooks=() rundir |
| 58 |
- use udev || dev="--without-dev --without-udev" |
| 59 |
- hooks=( --with-hook=ntp.conf ) |
| 60 |
- use elibc_glibc && hooks+=( --with-hook=yp.conf ) |
| 61 |
- use kernel_linux && rundir="--rundir=${EPREFIX}/run" |
| 62 |
- local myeconfargs=( |
| 63 |
- --prefix="${EPREFIX}" |
| 64 |
- --libexecdir="${EPREFIX}/lib/dhcpcd" |
| 65 |
- --dbdir="${EPREFIX}/var/lib/dhcpcd" |
| 66 |
- --localstatedir="${EPREFIX}/var" |
| 67 |
- ${rundir} |
| 68 |
- $(use_enable embedded) |
| 69 |
- $(use_enable ipv6) |
| 70 |
- ${dev} |
| 71 |
- CC="$(tc-getCC)" |
| 72 |
- ${hooks[@]} |
| 73 |
- ) |
| 74 |
- econf "${myeconfargs[@]}" |
| 75 |
-} |
| 76 |
- |
| 77 |
-src_install() { |
| 78 |
- default |
| 79 |
- keepdir /var/lib/dhcpcd |
| 80 |
- newinitd "${FILESDIR}"/${PN}.initd ${PN} |
| 81 |
- systemd_dounit "${FILESDIR}"/${PN}.service |
| 82 |
-} |
| 83 |
- |
| 84 |
-pkg_postinst() { |
| 85 |
- local dbdir="${EROOT%/}"/var/lib/dhcpcd old_files=() |
| 86 |
- |
| 87 |
- local old_old_duid="${EROOT%/}"/var/lib/dhcpcd/dhcpcd.duid |
| 88 |
- local old_duid="${EROOT%/}"/etc/dhcpcd.duid |
| 89 |
- local new_duid="${dbdir}"/duid |
| 90 |
- if [[ -e "${old_old_duid}" ]] ; then |
| 91 |
- # Upgrade the duid file to the new format if needed |
| 92 |
- if ! grep -q '..:..:..:..:..:..' "${old_old_duid}"; then |
| 93 |
- sed -i -e 's/\(..\)/\1:/g; s/:$//g' "${old_old_duid}" |
| 94 |
- fi |
| 95 |
- |
| 96 |
- # Move the duid to /etc, a more sensible location |
| 97 |
- if [[ ! -e "${old_duid}" ]] ; then |
| 98 |
- cp -p "${old_old_duid}" "${new_duid}" |
| 99 |
- fi |
| 100 |
- old_files+=( "${old_old_duid}" ) |
| 101 |
- fi |
| 102 |
- |
| 103 |
- # dhcpcd-7 moves the files out of /etc |
| 104 |
- if [[ -e "${old_duid}" ]] ; then |
| 105 |
- if [[ ! -e "${new_duid}" ]] ; then |
| 106 |
- cp -p "${old_duid}" "${new_duid}" |
| 107 |
- fi |
| 108 |
- old_files+=( "${old_duid}" ) |
| 109 |
- fi |
| 110 |
- local old_secret="${EROOT%/}"/etc/dhcpcd.secret |
| 111 |
- local new_secret="${dbdir}"/secret |
| 112 |
- if [[ -e "${old_secret}" ]] ; then |
| 113 |
- if [[ ! -e "${new_secret}" ]] ; then |
| 114 |
- cp -p "${old_secret}" "${new_secret}" |
| 115 |
- fi |
| 116 |
- old_files+=( "${old_secret}" ) |
| 117 |
- fi |
| 118 |
- |
| 119 |
- # dhcpcd-7 renames some files in /var/lib/dhcpcd |
| 120 |
- local old_rdm="${dbdir}"/dhcpcd-rdm.monotonic |
| 121 |
- local new_rdm="${dbdir}"/rdm_monotonic |
| 122 |
- if [[ -e "${old_rdm}" ]] ; then |
| 123 |
- if [[ ! -e "${new_rdm}" ]] ; then |
| 124 |
- cp -p "${old_rdm}" "${new_rdm}" |
| 125 |
- fi |
| 126 |
- old_files+=( "${old_rdm}" ) |
| 127 |
- fi |
| 128 |
- local lease= |
| 129 |
- for lease in "${dbdir}"/dhcpcd-*.lease*; do |
| 130 |
- [[ -f "${lease}" ]] || continue |
| 131 |
- old_files+=( "${lease}" ) |
| 132 |
- local new_lease=$(basename "${lease}" | sed -e "s/dhcpcd-//") |
| 133 |
- [[ -e "${dbdir}/${new_lease}" ]] && continue |
| 134 |
- cp "${lease}" "${dbdir}/${new_lease}" |
| 135 |
- done |
| 136 |
- |
| 137 |
- # Warn about removing stale files |
| 138 |
- if [[ -n "${old_files[@]}" ]] ; then |
| 139 |
- elog |
| 140 |
- elog "dhcpcd-7 has copied dhcpcd.duid and dhcpcd.secret from" |
| 141 |
- elog "${EROOT%/}/etc to ${dbdir}" |
| 142 |
- elog "and copied leases in ${dbdir} to new files with the dhcpcd-" |
| 143 |
- elog "prefix dropped." |
| 144 |
- elog |
| 145 |
- elog "You should remove these files if you don't plan on reverting" |
| 146 |
- elog "to an older version:" |
| 147 |
- local old_file= |
| 148 |
- for old_file in ${old_files[@]}; do |
| 149 |
- elog " ${old_file}" |
| 150 |
- done |
| 151 |
- fi |
| 152 |
- |
| 153 |
- if [ -z "${REPLACING_VERSIONS}" ]; then |
| 154 |
- elog |
| 155 |
- elog "dhcpcd has zeroconf support active by default." |
| 156 |
- elog "This means it will always obtain an IP address even if no" |
| 157 |
- elog "DHCP server can be contacted, which will break any existing" |
| 158 |
- elog "failover support you may have configured in your net configuration." |
| 159 |
- elog "This behaviour can be controlled with the noipv4ll configuration" |
| 160 |
- elog "file option or the -L command line switch." |
| 161 |
- elog "See the dhcpcd and dhcpcd.conf man pages for more details." |
| 162 |
- |
| 163 |
- elog |
| 164 |
- elog "Dhcpcd has duid enabled by default, and this may cause issues" |
| 165 |
- elog "with some dhcp servers. For more information, see" |
| 166 |
- elog "https://bugs.gentoo.org/show_bug.cgi?id=477356" |
| 167 |
- fi |
| 168 |
- |
| 169 |
- if ! has_version net-dns/bind-tools; then |
| 170 |
- elog |
| 171 |
- elog "If you activate the lookup-hostname hook to look up your hostname" |
| 172 |
- elog "using the dns, you need to install net-dns/bind-tools." |
| 173 |
- fi |
| 174 |
-} |
Archives